Exchange 2010 Service Pack 2 and Hosting

With the changes in strategy we announced in Future of /Hosting Mode a few months back, we wanted to take the opportunity to make clear what is supported in what are typically referred to as hosting scenarios.

The most important thing to understand is that a hoster, a control panel vendor, or anyone who uses and follows the guidance we publish publicly to build their solution is fundamentally no different than any other customer who deploys Exchange, but chooses not to change any of the default settings. We intend to offer support to you no differently than we would any other customer.

For example, if you are a typical Enterprise customer and you deploy Exchange, configure some Address Book Policies (ABPs), change some calendar permissions and add a few thousand accepted domains, you will get support just as you always have, as your configuration uses only supported tools and processes. As a hoster or private cloud builder it will be no different. You too create objects, set up some ABPs, and may end up with an unusual configuration in the eyes of an average Exchange customer, but that is all it is – unusual, customized to meet your requirements, but not unsupported.

Here are a few examples to try and clarify what this means:

You call us with an Exchange transport agent problem and it is clear that whatever you built doesn’t follow any of our published development guidance. We will recommend you change it to follow our guidance, and that advice won’t change whether you are a hoster, building a private cloud or are an Enterprise organization.

You are a hoster and call us to say that you can’t stop internal OOFs being delivered between tenants on your self-built hosting platform. We point you to our hosting guidance, where we clearly state this is a known issue with this type of configuration, and tell you that the document also suggests the right approach to take to try and solve this kind of issue. If you then want to open a separate developer case to get help as you create the solution, you can do that too.

So as you can see, if you are a hoster or an Enterprise customer, or someone who builds themselves a solution to host multiple tenants in some way, and you have used supported tools and methods to configure your system, we’ll be able to effectively support it. That’s really no different than it is today: if you choose to make some rather unusual changes to your system, we don’t ask to validate the end-to-end system before we help you recover that database. If, on the other hand, the database failed because of that rather unusual change you made, that’s when we get to discuss why you made those changes and potentially point out that they’re unsupported.

If a control panel vendor wishes to sell their solution AND have their solution listed on our web site, they need to provide written confirmation to us that their solution complies with the ENTIRE guidance document. If they only 90% comply, they won’t be listed. It won’t stop a vendor selling their solution, as they can do that without us reviewing any of their solution, but a customer who wants to buy a solution will not see theirs listed on our web site.

So in summary, for customers using Exchange 2010 SP2, we will treat our hosters and enterprise customers the same – if the root cause of your problem is an unsupported setting or change, we will point that out and recommend you change it. As a hoster you can really create a multi-tenancy system without making any unsupported changes. The guidance we have published will help you to do so, and we recommend you follow it.

I like to think about it like this: our end goal in providing guidance and allowing hosters to use Exchange Server 2010 SP2 is to make sure they end up with a solution based upon a supported configuration, which makes their system just the same as anyone else’s. We really do want you to get support for your system when you need it; you just need to make sure what you are doing will help us to help you.

Greg, that clarifies a lot of confusion but a question that is still unanswered is, will a hoster be able to use ABP in a normal Exchange setup or do they still have to stick to the /hosting switch if they are commissioning a new server / organization?

Dave, there's no concept of the -organization switch if you don't use /hosting, and so the creation of logical organizations is something the admin has to do by combining things like ABPs, together with OU separation, changing ACLs on the OAB folders, maybe creating transport rules and changing default calendar permissions etc. The guidance document outlines the things you need to consider when configuring a product that is single tenant by design, to behave in a multi-tenant way. Read the guidance doc linked to in the post, I think it will make things clearer.

How about SharePoint hosting using the same Active Directory as Exchange? Would that render the platform in an unsupported mode? Is it even possible to have SharePoint multi-tenancy with Exchange 2010 SP2 and the corresponding AD? The guide mentions in some places about Lync hosting, but nothing about SharePoint.

@ Dave – most hosters I have spoken to feel the opposite, as this enables them to do things like, to quote a recent example from the post above yours, put Sharepoint and Lync in the same forest as Exchange. It really appeals to most of them. We're enabling hosters to use a much broader set of Exchange features by allowing them to use the on-prem version of the product, at the expense of having to be more creative in configuring multi-tenancy, for which we have provided guidance to ensure it is done correctly.

At the simplest level, create 2 or 3 ABP's and you have the beginnings of it. Take a look at the document to see what else you might need to do, changing default calendar permissions, create some transport rules, secure OAB's, remove some ECP options, there's a lot of scope. We are not going to produce a step by step on how to do it, as there's really no one-size-fits-all approach to this.

I would warn anyone that thinks ABP's ARE multi-tenancy to think again. They solve one of the problems (directory access) you need to solve when building a multi-tenant platform, but they alone are not the entire solution.

It's not super simple, which is why we wrote the guidance, and we worked with control panel vendors, who have the skills and experience already, and who offer ready made solutions. If you don't have the skills in-house today, don't have a desire to develop the skills inside your own company or need to get to market fast, you might want to choose one of the vendor solutions we have validated.
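As an added illustration of the ABP building block described in the reply above (not code from the original post or from the guidance document): the sketch below creates one tenant's address lists and ABP, assigns it, and then lists mailboxes that have no ABP and therefore still see the organization-wide directory. The tenant label, the use of CustomAttribute1 as the tenant tag, the object names and the OAB generation server name are all assumptions made for the example.

```powershell
# Added example for on-premises Exchange 2010 SP2 (Exchange Management Shell).
# Assumption: every recipient of a tenant carries the tenant label in CustomAttribute1.
$tenant    = 'Contoso'   # hypothetical tenant label
$oabServer = 'MBX01'     # hypothetical OAB generation server

# Tenant-scoped GAL, address list and room list, all filtered on the tenant tag
New-GlobalAddressList -Name "$tenant GAL" `
    -RecipientFilter "CustomAttribute1 -eq '$tenant'"
New-AddressList -Name "$tenant Users" `
    -RecipientFilter "(RecipientType -eq 'UserMailbox') -and (CustomAttribute1 -eq '$tenant')"
New-AddressList -Name "$tenant Rooms" `
    -RecipientFilter "(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and (CustomAttribute1 -eq '$tenant')"

# Tenant OAB built only from the tenant GAL
New-OfflineAddressBook -Name "$tenant OAB" -AddressLists "\$tenant GAL" -Server $oabServer

# The ABP ties the four objects together
New-AddressBookPolicy -Name "$tenant ABP" `
    -GlobalAddressList "\$tenant GAL" `
    -AddressLists "\$tenant Users" `
    -RoomList "\$tenant Rooms" `
    -OfflineAddressBook "\$tenant OAB"

# Assign the ABP to every mailbox tagged for this tenant
Get-Mailbox -ResultSize Unlimited -Filter "CustomAttribute1 -eq '$tenant'" |
    Set-Mailbox -AddressBookPolicy "$tenant ABP"

# Isolation check: a mailbox without an ABP is not scoped to any tenant's
# address lists, so each row returned here is a directory-visibility gap.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AddressBookPolicy } |
    Select-Object Name, PrimarySmtpAddress, CustomAttribute1
```

This covers directory access only; the OAB folder ACLs, transport rules, calendar permissions and ECP options mentioned in the thread are separate work.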

First you "messed" up GAL segregation in SP1. That was a disaster we're still working to clean up (new servers in /hosting mode, migrating customers over etc).

Now you release SP2 and reverse everything. You have cost us a lot of money, many, many hours of work and angry customers.

In my opinion, this SP2 is a step to push people over to Office 365, which still smells very beta. We have migrated a few customers over to Office 365, and for example a bandwidth cap in the migration of 50KB/s doesn't exactly help. Also with a price that is way under the SPLA prices we have, you easily remove any competition on hosted Exchange.

You make your partners (SMB hosters) look bad. I am very disappointed.

Johnny, I do hear the feedback, and it's not just you that has already deployed /hosting. But I will add this one thought – you don't have to build a new forest and migrate away right away. /Hosting will be supported for the life of 2010, and what I know some hosters are doing is building an additional forest using on-prem Exchange, and then putting new subscribers on it, and only moving existing customers to it if they want the additional features it offers. Otherwise, they will leave them on the /hosting system. Of course they are now managing two systems, but that's the choice they made to give them some choice and some flexibility.

Greg, I hear you, and we are aware of the possibilities within the 2010 lifespan. But I still think this is a step in the wrong direction generally speaking. Will there even be a new version of Exchange? Or will that be reserved for Office 365 only? I hope you can see it from our point of view. We push SPLA licenses, and that sends money your way and generates an income with existing and new customers for us.

Going from 2007 HMC4.5 to 2010 SP1/Hosted was painful. However we got it done thinking it will be the last time we have to do a cross-forest migration.

Now comes 2010 SP2, and here we go again.

Having separate environments would never work, because ultimately you will have to move everyone over to the new system (why else are clients paying for hosting and SPLA, if not to be on the newest system).

I am shocked and disappointed with how Microsoft has been treating Partners with the hosted platform. Firstly the SPLA pricing is not in line with Office365, secondly we have our hands tied behind our back as we cannot offer OfficePlus for local use (but Office365 can), thirdly MS has provided partners nothing but false promises about the platform going forward and getting a straight answer from MS about the future plans is simply not possible.

Are there going to be any better guidelines for moving from /hosting to SP2? I've never done a cross forest migration so I was hoping there would be some detailed instructions on performing this. I assume it would be almost exactly like a 2003/2007 -> 2010 cross forest excluding the ABP?

Greg, after checking the configuration of /hosting in SP1, I finally dealt with this problem by using PowerShell to append a number to the -samaccountname such that both accounts have a different UPN and a different Samaccountname and are created in different OUs; this is the exact behavior of what was done in /hosting mode. Actually in /hosting mode this task only takes me 1-2 mins but now it is really complicated.

Patrick, those systems will be potentially a source of some information that needs to be extracted and re-used, but once done, there should be no need for them to stay – though of course that all depends on what the new provisioning engine you use will be.

Hi Patrick. Our recommendation would be to ensure that the provisioning system be responsible for ensuring that an OAB update occurs daily only for OABs that require an update (i.e. tenants that have had provisioning activity in the previous day), and the OAB update calls should be spread out as much as possible rather than all batched during a short time window.

If you notice OABs do not complete generation in the allotted window, or place a load on active mailbox servers that puts your service at risk, then consider dedicating servers for the task. But don't do it just because you always did, only if you need to.

I totally agree with Johnny, Dave and Bernd. Come on guys, life is not easy with the low margins hosters are making trying to compete with Google. Then MS launches Office 365 and competes with their very own partners, but it's no competition because even though the prices are lower the service is bad. And now the curve-ball of SP2 with the get all the functionality but bend over backwards and maybe if you are smart enough (or throw enough money at it) you can solve the problem of migrating existing customers. It's really a pretty messed up strategy – who is driving this ship? Chewbacca?

Do you have information about having multiple custom contacts with the same external smtp address in the SP2 release? This was something that didn't work in HMC and was supposed to have been resolved with /hosting.

So there's a way to create the two contacts, but without writing an agent you still have an issue when using on-prem Exchange.

The way to create the contact is to make sure you specify the target and proxy addresses explicitly at creation time (only proxy must be unique). The challenge though is that the proxy is used as the reply address to all other recipients, same as HMC. So you really need to write some kind of agent to get that to work right, re-writing the reply address as it leaves the org.

Something like a wizard that asks you some questions regarding the client, and based on the answers input, all the necessary tasks to achieve tenant isolation will be executed, without having to manually action all the tedious tasks?

Securing OABs, free busy, mail routing, distribution groups and the list goes on. It seems as though MS fixes one thing and creates 20 more things…

Chas – as was explained in the post and in subsequent responses, our strategy has changed in this area. We have decided to work with partners and help enable them to fulfill the need for people who want more help in building a multi-tenant solution.